Opened network connection control method, opened network connection control system, connection control unit and recording medium

US 7,809,001 B2
Filed: 12/30/2004
Issued: 10/05/2010
Est. Priority Date: 07/21/2004
Status: Active Grant

First Claim

Patent Images

1. An opened network connection control method, for connecting to an opened network from a closed network, the closed network comprising:

terminal units connected to one another in such a way as to be able to exchange data with one another;

a central unit which receives a connection request to the opened network from each of the terminal units, and controls connection to the opened network; and

a connection control unit which receives an assignment request for a virtual logic identifier from the central unit and assigns the virtual logic identifier to each of the terminal units, the connection control method comprising;

storing connection condition information having a keyword indicating an item necessary for ensuring a security level of the terminal unit from which the connection request is received and an update number indicating a process for updating the item;

receiving an assignment request from the central unit;

acquiring connection history information having the keyword indicating the item installed in each terminal unit and the update number indicating the process which was applied to each terminal unit which corresponds to the assignment request to the opened network;

determining whether the acquired connection history information fulfills the connection condition information or not by comparing the update number in the connection history information and the update number in the connection condition information with respect to the keyword; and

assigning the virtual logic identifier to the terminal unit corresponding to the assignment request when it is determined that the acquired connection history information fulfills the connection condition information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are an opened network connection control method, an opened network connection control system, a connection control unit and a recording medium, which allow only terminal units capable of securing security to be connected to an opened network, thereby improving the security level. The connection control unit acquires connection history information held by the terminal unit which has sent a request for connection to the opened network to a central unit, and assigns a logic identifier to the terminal unit and connects the terminal unit to the opened network when the contents of the acquired connection history information coincide with the contents of connection condition information record.

Citations

35 Claims

1. An opened network connection control method, for connecting to an opened network from a closed network, the closed network comprising:
- terminal units connected to one another in such a way as to be able to exchange data with one another;
  
  a central unit which receives a connection request to the opened network from each of the terminal units, and controls connection to the opened network; and
  
  a connection control unit which receives an assignment request for a virtual logic identifier from the central unit and assigns the virtual logic identifier to each of the terminal units, the connection control method comprising;
  
  storing connection condition information having a keyword indicating an item necessary for ensuring a security level of the terminal unit from which the connection request is received and an update number indicating a process for updating the item;
  
  receiving an assignment request from the central unit;
  
  acquiring connection history information having the keyword indicating the item installed in each terminal unit and the update number indicating the process which was applied to each terminal unit which corresponds to the assignment request to the opened network;
  
  determining whether the acquired connection history information fulfills the connection condition information or not by comparing the update number in the connection history information and the update number in the connection condition information with respect to the keyword; and
  
  assigning the virtual logic identifier to the terminal unit corresponding to the assignment request when it is determined that the acquired connection history information fulfills the connection condition information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The opened network connection control method according to claim 1, whereinthe method further comprises accepting alteration of the connection condition information.
  - 3. The opened network connection control method according to claim 1, wherein the method further comprises acquiring the connection history information from the terminal unit which corresponds to the assignment request.
  - 4. The opened network connection control method according to claim 1, whereinthe method further comprises sending information on an item of the connection condition information which is not fulfilled by the connection history information to the terminal unit corresponding to the assignment request in case that it is determined that the acquired connection history information does not fulfill the connection condition information,receiving information on the item of the connection condition information which is not fulfilled,updating the connection history information according to the information on the item of the connection condition information which is not fulfilled, andstoring the updated connection history information.
  - 5. The opened network connection control method according to claim 1, whereinthe method further comprisesacquiring the connection history information of the terminal unit and storing the acquired connection history information.
  - 6. The opened network connection control method according to claim 2, whereinthe method further comprises acquiring the connection history information from the terminal unit which corresponds to the assignment request.
  - 7. The opened network connection control method according to claim 2, whereinthe method further comprisessending information on the item of the connection condition information which is not fulfilled by the connection history information to the terminal unit corresponding to the assignment request in case that it is determined that the acquired connection history information does not fulfill the connection condition information,receiving information on the item of the connection condition information which is not fulfilled,updating the connection history information according to the information on the item of the connection condition information which is not fulfilled, andstoring the updated connection history information.
  - 8. The opened network connection control method according to claim 2, whereinthe method further comprisesacquiring the connection history information of the terminal unit and storing the acquired connection history information.

9. An opened network connection control system comprising:
- terminal units;
  
  a central unit which receives a connection request to the opened network from each of the terminal units, and controls connection to the opened network; and
  
  a connection control unit which receives an assignment request for a virtual logic identifier from the central unit and assigns the virtual logic identifier to each of the terminal units,wherein the terminal units are connected, and the connection control unitcomprises a processor capable of performing the following operations of;
  
  storing connection condition information having a keyword indicating an item necessary for ensuring a security level of the terminal units from which the connection request is received and an update number indicating a process for updating the item;
  
  receiving an assignment request from the central unit;
  
  acquiring connection history information having the keyword indicating the item installed in each terminal unit and the update number indicating the process which was applied to the item by each terminal unit which corresponds to the assignment request to the opened network;
  
  determining whether the acquired connection history information fulfills the connection condition information or not by comparing the update number in the connection history information and the update number in the connection condition information with respect to the keyword; and
  
  assigning the virtual logic identifier to the terminal unit corresponding to the assignment request in case that it is determined that the acquired connection history information fulfills the connection condition information.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The opened network connection control system according to claim 9, whereinsaid processor alters the connection condition information.
  - 11. The opened network connection control system according to claim 9, whereinsaid processor acquires the connection history information from the terminal unit which corresponds to the assignment request.
  - 12. The opened network connection control system according to claim 9, wherein said processor further performs the operation of sending information on an item of the connection condition information which is not fulfilled by the connection history information to the terminal unit corresponding to the assignment request in case that it is determined that the acquired connection history information does not fulfill the connection condition information, and each of the terminal units comprises a processor performing the operations of:
    - receiving information on the item of the connection condition information which is not fulfilled, updating the connection history information according to the information on the item of the connection condition information which is not fulfilled, and storing the updated connection history information.
  - 13. The opened network connection control system according to claim 9, wherein said processor further performs the operation of acquiring the connection history information of the terminal unit and stores the acquired connection history information.

14. An opened network connection control system comprising:
- terminal units;
  
  a central unit which receives a connection request to the opened network from each of the terminal units, and controls connection to the opened network; and
  
  a connection control unit which receives an assignment request for a virtual logic identifier from the central unit and assigns the virtual logic identifier to each of the terminal units,wherein the connection control unit to be used in a closed network environment where the terminal units are connected to one another in such a way as to be able to exchange data with one another comprises;
  
  means for previously storing connection condition information having a keyword indicating an item necessary for ensuring a security level of the terminal units from which the connection request is received and an update number indicating a process for updating the item;
  
  means for receiving an assignment request from the central unit;
  
  means for acquiring connection history information having the keyword indicating the item installed in each terminal unit and the update number indicating the process which was applied to each terminal unit which corresponds to the assignment request to the opened network;
  
  means for determining whether the acquired connection history information fulfills the connection condition information or not by comparing the update number in the connection history information and the update number in the connection condition information with respect to the keyword; and
  
  means for assigning the virtual logic identifier to the terminal unit corresponding to the assignment request when it is determined that the connection history information fulfills the connection condition information.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The opened network connection control system according to claim 14, whereinthe connection control unit further comprises means for accepting alteration of the connection condition information.
  - 16. The opened network connection control system according to claim 14, whereinthe connection control unit further comprises means for acquiring the connection history information from the terminal unit which corresponds to the assignment request.
  - 17. The opened network connection control system according to claim 14, whereinthe connection control unit further comprises means for sending information on an item of the connection condition information which is not fulfilled by the connection history information to the terminal unit corresponding to the assignment request when it is determined that the connection history information does not fulfill the connection condition information, andeach of the terminal units further comprises:
    - means for receiving information on the item of the connection condition information which is not fulfilled,means for updating the connection history information according to the information on the item of the connection condition information which is not fulfilled, andmeans for storing the updated connection history information.
  - 18. The opened network connection control system according to claim 14, whereinthe connection control unit further comprises means for acquiring the connection history information of the terminal unit and storing the acquired connection history information.

19. A connection control unit, which receives a connection request to the opened network from a terminal unit, and receives an assignment request for a virtual logic identifier from a central unit which controls connection to the opened network, and assigns the virtual logic identifier to the terminal unit, wherein the connection control unit comprises a processor performing the following operations of:
- storing connection condition information having a keyword indicating an item necessary for ensuring a security level of the terminal unit from which the connection request is received and an update number indicating a process for updating the item;
  
  receiving an assignment request from the central unit;
  
  acquiring connection history information having the keyword indicating the item installed in each terminal unit, the update number indicating the process which was applied to the terminal unit which corresponds to the assignment request to the opened network;
  
  determining whether the acquired connection history information fulfills the connection condition information or not by comparing the update number in the connection history information and the update number in the connection condition information with respect to the keyword; and
  
  assigning the virtual logic identifier to the terminal unit corresponding to the assignment request when it is determined that the connection history information fulfills the connection condition information.
- View Dependent Claims (20, 21, 22, 23)
- - 20. The connection control unit according to claim 19, wherein said processor alters the connection condition information.
  - 21. The connection control unit according to claim 19, wherein said processor acquires the connection history information from the terminal unit which corresponds to the assignment request.
  - 22. The connection control unit according to claim 19, whereinwhen it is determined that the acquired connection history information does not fulfill the connection condition information, an item of the connection condition information which is not fulfilled is output to a terminal unit.
  - 23. The connection control unit according to claim 19, wherein said processoracquires the connection history information of the terminal unit and storing the acquired connection history information.

24. A connection control unit, which receives a connection request to an opened network from a terminal unit, and receives an assignment request for a virtual logic identifier from a central unit which controls connection to the opened network, and assigns the virtual logic identifier to the terminal unit, wherein the connection control unit comprises:
- means for storing connection condition information having a keyword indicating an item necessary for ensuring a security level of the terminal unit from which the connection request is received and an update number indicating a process for updating the item;
  
  means for receiving an assignment request from the central unit;
  
  means for acquiring connection history information, having the keyword indicating the item installed in each terminal unit and the update number indicating the process was applied to the terminal unit which corresponds to the assignment request to the opened network;
  
  means for determining whether the acquired connection history information fulfills the connection condition information or not by comparing the update number in the connection history information and the update number in the connection condition information with respect to the keyword; and
  
  means for assigning the virtual logic identifier to the terminal unit corresponding to the assignment request when it is determined that the connection history information fulfills the connection condition information.
- View Dependent Claims (25, 26, 27, 28)
- - 25. The connection control unit according to claim 24, further comprisingmeans for accepting alteration of the connection condition information.
  - 26. The connection control unit according to claim 24, further comprisingmeans for acquiring the connection history information from the terminal unit which corresponds to the assignment request.
  - 27. The connection control unit according to claim 24, further comprisingmeans for outputting an item of the connection condition information which is not fulfilled by the connection history information to a terminal unit when it is determined that the connection history information does not fulfill the connection condition information.
  - 28. The connection control unit according to claim 24, further comprisingmeans for acquiring the connection history information of the terminal unit and storing the acquired connection history information.

29. A non-transitory computer-readable medium storing a computer program for causing a computer to receive a connection request to the opened network from a terminal unit, to receive an assignment request for a virtual logic identifier from a central unit which controls connection to the opened network, and to assign the virtual logic identifier to the terminal unit, wherein the connection control unit previously stores connection condition information having a keyword indicating an item necessary for ensuring a security level of the terminal unit from which the connection request is received and an update number indicating a process for updating the item, and the computer program which when executed causes the computer to perform:
- receiving an assignment request from the central unit, acquiring connection history information having the keyword indicating the item installed in each terminal unit and the update number indicating the process which was applied to the terminal unit which corresponds to the assignment request to the opened network, determining whether the acquired connection history information fulfills the connection condition information or not by comparing the update number in the connection history information and the update number in the connection condition information with respect to the keyword; and
  
  assigning the virtual logic identifier to the terminal unit corresponding to the assignment request in case that it is determined that the acquired connection history information fulfills the connection condition information.
- View Dependent Claims (30, 31, 32, 33)
- - 30. The non-transitory computer-readable medium according to claim 29, further comprising accepting alteration of the connection condition information.
  - 31. The non-transitory computer-readable medium according to claim 29, further comprising acquiring the connection history information from the terminal unit which corresponds to the assignment request.
  - 32. The non-transitory computer-readable medium according to claim 29, further comprising outputting an item of the connection condition information which is not fulfilled by the connection history information to a terminal unit in case that it is determined that the connection history information does not fulfill the connection condition information.
  - 33. The non-transitory computer-readable medium according to claim 29, further comprising acquiring the connection history information of the terminal unit and storing the acquired connection history information.

34. A network connection method comprising:
- receiving a connection request indicating a request to assign of a network resource which is necessary to communicate with an apparatus connected to the network, from a terminal apparatus;
  
  acquiring, in response to having received the connection request, history information having information indicating a process which was applied to the terminal apparatus, necessary for ensuring a security level of the terminal apparatus;
  
  retrieving, in response to having received the connection request, connection condition information having information necessary for ensuring the security level of the terminal apparatus;
  
  determining, in response to having received the connection request, whether the acquired history information fulfills the connection condition information or not;
  
  assigning, in response to having received the connection request, the network resource to the terminal apparatus corresponding to the connection request, if it is determined that the acquired history information fulfills the connection condition information; and
  
  transmitting, in response to having received the connection request, update information necessary for satisfying condition information to the terminal apparatus, if it is determined that the acquired history information does not fulfill the connection condition information.

35. A network connection control apparatus comprising:
- a receiving unit which receives a connection request indicating a request to assign of a network resource which is necessary to communicate with an apparatus connected to the network, from a terminal apparatus;
  
  an acquiring unit which acquires, in response to having received the connection request, history information having information indicating a process which was applied to the terminal apparatus, necessary for ensuring a security level of the network connection control apparatus;
  
  a retrieving unit which retrieves, in response to having received the connection request, connection condition information necessary for ensuring the security level;
  
  a determining unit which determines, in response to having received the connection request, whether the acquired history information fulfills the connection condition information or not;
  
  an assigning unit which assigns, in response to having received the connection request, the network resource to the terminal apparatus corresponding to the connection request, if it is determined that the acquired history information fulfills the connection condition information; and
  
  a transmitting unit which transmits, in response to having received the connection request, update information necessary for satisfying condition information to the terminal apparatus, if it is determined that the acquired history information does not fulfill the connection condition information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fujitsu Limited
Original Assignee
Fujitsu Limited
Inventors
Yamakawa, Kazuo
Primary Examiner(s)
Sheikh; Ayaz R
Assistant Examiner(s)
LEE, ANDREW CHUNG CHEUNG

Application Number

US11/024,493
Publication Number

US 20060018264A1
Time in Patent Office

2,105 Days
Field of Search

370/395.1, 370/305.2, 370/395, 370/398, 370/401, 370381-385, 370/399, 370/422, 379/202, 379/229, 379/230
US Class Current

370/395.1
CPC Class Codes

H04L 63/145 the attack involving the pr...

H04L 63/20 for managing network securi...

Opened network connection control method, opened network connection control system, connection control unit and recording medium

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Opened network connection control method, opened network connection control system, connection control unit and recording medium

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links